CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2023-53062 – net: usb: smsc95xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53062
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length... • https://git.kernel.org/stable/c/2f7ca802bdae2ca41022618391c70c2876d92190 •
CVSS: 7.1EPSS: %CPEs: 12EXPL: 0CVE-2023-53054 – usb: dwc2: fix a devres leak in hw_enable upon suspend resume
https://notcve.org/view.php?id=CVE-2023-53054
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hw_enable upon suspend resume Each time the platform goes to low power, PM suspend / resume routines call: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset(). This adds a new devres each time. This may also happen at runtime, as dwc2_lowlevel_hw_enable() can be called from udc_start(). This can be seen with tracing: - echo 1 > /sys/kernel/debug/tracing/events/dev/devres_log/enable - go to low power - cat... • https://git.kernel.org/stable/c/33a06f1300a79cfd461cea0268f05e969d4f34ec •
CVSS: 7.8EPSS: %CPEs: 2EXPL: 0CVE-2023-53052 – cifs: fix use-after-free bug in refresh_cache_worker()
https://notcve.org/view.php?id=CVE-2023-53052
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS root sessions in cifs_umount() while DFS cache refresher was being executed. Make DFS root sessions have same lifetime as DFS tcons so we can avoid the use-after-free bug is DFS cache refresher and other places that require IPCs to get new DFS referrals on. Also, get rid of mount group handling in DFS cache as we no longer need it. This f... • https://git.kernel.org/stable/c/5a89d81c1a3c152837ea204fd29572228e54ce0b •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2023-53051 – dm crypt: add cond_resched() to dmcrypt_write()
https://notcve.org/view.php?id=CVE-2023-53051
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write() The loop in dmcrypt_write may be running for unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: [ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897] ... [ 3391.387210][ C12] Call trace: [ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158 [ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0 [... • https://git.kernel.org/stable/c/dc2676210c425ee8e5cb1bec5bc84d004ddf4179 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2023-53045 – usb: gadget: u_audio: don't let userspace block driver unbind
https://notcve.org/view.php?id=CVE-2023-53045
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: don't let userspace block driver unbind In the unbind callback for f_uac1 and f_uac2, a call to snd_card_free() via g_audio_cleanup() will disconnect the card and then wait for all resources to be released, which happens when the refcount falls to zero. Since userspace can keep the refcount incremented by not closing the relevant file descriptor, the call to unbind may block indefinitely. This can cause a deadlock duri... • https://git.kernel.org/stable/c/132fcb460839a876f5bc8b71bede60f8d0875757 •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2023-53044 – dm stats: check for and propagate alloc_percpu failure
https://notcve.org/view.php?id=CVE-2023-53044
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a NULL pointer dereference will occur in dm_stats_cleanup() even if dm-stats isn't being actively used. In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check all... • https://git.kernel.org/stable/c/fd2ed4d252701d3bbed4cd3e3d267ad469bb832a •
CVSS: 5.6EPSS: %CPEs: 3EXPL: 0CVE-2023-53042 – drm/amd/display: Do not set DRR on pipe Commit
https://notcve.org/view.php?id=CVE-2023-53042
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not set DRR on pipe Commit [WHY] Writing to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a pipe commit can cause underflow. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not set DRR on pipe Commit [WHY] Writing to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a pipe commit can cause underflow. • https://git.kernel.org/stable/c/f8080f1e300e7abcc03025ec8b5bab69ae98daaa •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2023-53041 – scsi: qla2xxx: Perform lockless command completion in abort path
https://notcve.org/view.php?id=CVE-2023-53041
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50 CPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1 RIP: 0010:dma_free_attrs+0x33/0x50 Call Trace: qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx] qla2x00_abort_srb+0x8e/0x250 [qla2xxx] ? ql_... • https://git.kernel.org/stable/c/9189f20b4c5307c0998682bb522e481b4567a8b8 •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2023-53040 – ca8210: fix mac_len negative array access
https://notcve.org/view.php?id=CVE-2023-53040
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ca8210: fix mac_len negative array access This patch fixes a buffer overflow access of skb->data if ieee802154_hdr_peek_addrs() fails. In the Linux kernel, the following vulnerability has been resolved: ca8210: fix mac_len negative array access This patch fixes a buffer overflow access of skb->data if ieee802154_hdr_peek_addrs() fails. • https://git.kernel.org/stable/c/55d836f75778d2e2cafe37e023f9c106400bad4b •
CVSS: 7.1EPSS: %CPEs: 4EXPL: 0CVE-2023-53039 – HID: intel-ish-hid: ipc: Fix potential use-after-free in work function
https://notcve.org/view.php?id=CVE-2023-53039
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer ishtp_dev. If ish_probe() fails, the devm-managed device resources including ishtp_dev are freed, but the work is not cancelled, causing a use-after-free when the work function tries to access ishtp_dev. Use devm_work_autocancel() instead,... • https://git.kernel.org/stable/c/8c1d378b8c224fd50247625255f09fc01dcc5836 •